Cloud computing
Data sharing with accountability in the cloud


Group members: K. Jeganathan, A. Susheenthiran
Guided by: Ms. Chitra V., M.E.
Objective
Cloud computing is a recent model for enabling
convenient, on-demand network access to a shared
pool of configurable computing resources.

Cloud computing can play a significant role in a
variety of areas including innovations, virtual worlds,
e-business, social networks, or search engines.
Abstract
The cloud enables efficient data sharing.
Users fear that their data are accessed and outsourced
without their permission.
To overcome this problem, we provide an accountability
mechanism for both data owners and clients.
A client needs to get an access privilege from the data
owner before accessing the data in the cloud.
The client gets the access privilege from the data owner and
retrieves the data from the cloud service provider (CSP).
Contd..
Before that, data owners log in to the CSP and
store their data in encrypted form along with the client
access privileges, packaged as a JAR file.
A client can log in to the CSP only with permission
from the data owner; for that, the client must be
authenticated.
A file containing the information of each user and
their access privileges is stored along with the data
file in the CSP.
Existing system
The data processed on clouds are often outsourced,
leading to a number of issues related to
accountability, including the handling of personally
identifiable information.

Such fears are becoming a significant barrier to the
wide adoption of cloud services. Data are accessed
without the permission of the data owner, and data are
modified and outsourced, so owners fear losing
control.
Drawbacks
Data are accessed without the knowledge of the data owner.
Data loss can occur.
Data owners lose control of their own data.
Attacks such as copying and man-in-the-middle attacks are possible.
Integrity cannot be verified because of the loss of control.
Proposed system
We propose a client accountability mechanism that
gives control to the data owners.
A client can access the data only if the owner grants
authentication and an access privilege.
Data are stored in JAR format to avoid loss of
data.
When a client accesses the data, the CSP generates a
log file that includes the details of the client. Auditing
can be done with the help of the log file.
Advantages
CSP storage is available for data owners to store their data.
A separate authentication mechanism for clients, with
access privilege control.
Only privileged clients can access the stored file.
Secured data remain available since the data are stored in
the CSP.
Unauthorized clients cannot access the CSP without the
data owner's permission.
Batch auditing is performed.
To check integrity, the log file is sent to the data owner
with the access privilege of each client.
Data flow
Enhancement
Batch auditing is performed only by verifying the
access privilege, and from that the data owner judges
whether the data has been modified or not.

But the data owner gains no information about the
content in the case of users who have write access privilege.
Suppose a client acts as a hacker and provides the
correct information to the CSP but tampers with the content;
in that case the data owner fears losing their content.
Contd..
We implement a MAC algorithm for integrity
verification: at the time of JAR storage itself, the data
owner generates a MAC for the data and stores
it in the CSP.

If an unauthorized client outsources the data with
modified content, the CSP generates the MAC
for that data and compares it with the MAC of the
original data. If the MACs are not the same, integrity has
been broken, and hence the CSP does not accept the content.
Algorithms used
MD5 (message digest) algorithm for key generation for
each client during the client accountability process.

PBE (password-based encryption) algorithm for data
encryption and decryption.

RSA algorithm for public and private key generation.

HMAC (hash-based message authentication code) algorithm
for integrity verification (future enhancement).
Modules
Accountability for cloud users.
JAR file storage in the CSP.
Log file generation to data owner.
Integrity verification for data outsourcing.
Module description
Accountability for cloud users.
The client logs in to the data owner and gets the access
privilege, and the data owner gathers client information
such as the file the client needs to access. To access the data
owner's files, the client must first be authenticated.
The client should register and log in to the data owner.
Data flow diagram
[Diagram: CSP; data owner details; data owner registration; client registration]
Contd..
JAR file storage in the CSP.
The data owner stores the data in the CSP as a JAR file;
the file includes the data file and the client
information. Data are encrypted before being stored in
the CSP. Data owners store the data along with the
clients' access privileges in the cloud service provider.
The owner's data and access privileges are packaged in JAR
format and stored in the CSP. The JAR file includes a set of
simple access control rules specifying whether and how
the cloud servers and possibly other data stakeholders
(users, companies) are authorized to access the content
itself.
[Diagram: client access policies; MAC code; data owner; encrypted data; CSP; creation of JAR file]
Contd..

Log file generation to data owner.
When a client retrieves data from the CSP, the CSP at the
same time generates a log file for the data owner. The log
file contains the access privilege; by auditing the log file
against the client's access privilege, the data owner verifies
the integrity of the data. Once the client gets access
permission from the owner, the CSP storage generates the log
file for the data owner. The log file consists of the client's
access permission details along with the date. Integrity can
be verified with the help of the generated log record.
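The batch audit described above, sketched as an added example that is not part of the original slides or the project's code. The log layout (date, client, file, action, logged privilege), the client names and the file names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed privilege table kept by the data owner:
# (client, file) -> set of actions the owner granted. Names are hypothetical.
GRANTS = {
    ("alice", "report.jar"): {"read"},
    ("bob", "report.jar"): {"read", "write"},
}

# Constructed CSP log file: date, client, file, action, privilege logged by CSP.
SAMPLE_LOG = """\
2013-03-01,alice,report.jar,read,read
2013-03-01,bob,report.jar,write,read+write
2013-03-02,alice,report.jar,write,read
2013-03-02,carol,report.jar,read,read
2013-03-03,alice,report.jar,read,read+write
"""


def batch_audit(log_text, grants):
    """Audit every log record in one pass; return (line_no, reason) findings."""
    findings = []
    for line_no, row in enumerate(csv.reader(io.StringIO(log_text)), start=1):
        if len(row) != 5:
            findings.append((line_no, "malformed record"))
            continue
        _date, client, filename, action, logged = row
        granted = grants.get((client, filename))
        if granted is None:
            # The CSP served a client the owner never authorized.
            findings.append((line_no, "no privilege granted by owner"))
        elif set(logged.split("+")) != granted:
            # The privilege the CSP recorded is not the one the owner issued.
            findings.append((line_no, "logged privilege differs from grant"))
        elif action not in granted:
            # The client did more than its privilege allows.
            findings.append((line_no, "action exceeds granted privilege"))
    return findings


if __name__ == "__main__":
    for line_no, reason in batch_audit(SAMPLE_LOG, GRANTS):
        print(f"log line {line_no}: {reason}")
```
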
Contd..
Integrity verification for data outsourcing.
If the client wants to outsource the data, it uploads
the data and presents it to the CSP. The CSP does not
accept all data from the client: it generates a MAC
from the client's data, and only if that MAC matches
the MAC generated by the data owner does the CSP
accept it for outsourcing. We use the HMAC
algorithm for integrity verification, and thus
integrity is verified for the content as well.
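The MAC check from the Enhancement and this module, as an added example that is not the project's own Java code. It assumes HMAC-SHA256, assumes the data owner has shared the HMAC key with the CSP (the slides have the CSP compute the MAC itself), and uses a hypothetical in-memory `Csp` class and constructed file names.

```python
import hashlib
import hmac
import secrets


def owner_tag(key: bytes, file_id: str, data: bytes) -> bytes:
    """Data owner side: HMAC-SHA256 over the file identifier and the content."""
    fid = file_id.encode()
    # Length-prefix the identifier so a tag for one file cannot validate another.
    msg = len(fid).to_bytes(4, "big") + fid + data
    return hmac.new(key, msg, hashlib.sha256).digest()


class Csp:
    """Hypothetical CSP store that keeps each payload with the owner's tag."""

    def __init__(self, key: bytes):
        self._key = key      # assumption: key shared by the data owner
        self._store = {}     # file_id -> (data, owner tag)

    def store_from_owner(self, file_id: str, data: bytes, tag: bytes) -> None:
        self._store[file_id] = (data, tag)

    def accept_outsourced(self, file_id: str, data: bytes) -> bool:
        """Recompute the MAC over client-submitted data; accept only on a match."""
        entry = self._store.get(file_id)
        if entry is None:
            return False     # no owner tag on record, so nothing to verify against
        actual = owner_tag(self._key, file_id, data)
        # Constant-time comparison avoids leaking how many tag bytes matched.
        return hmac.compare_digest(actual, entry[1])


def demo() -> dict:
    key = secrets.token_bytes(32)
    csp = Csp(key)
    original = b"constructed sample payload"
    csp.store_from_owner("report.jar", original,
                         owner_tag(key, "report.jar", original))
    csp.store_from_owner("notes.jar", b"other",
                         owner_tag(key, "notes.jar", b"other"))
    return {
        "unmodified": csp.accept_outsourced("report.jar", original),
        "modified": csp.accept_outsourced("report.jar", original + b"!"),
        "swapped": csp.accept_outsourced("notes.jar", original),
        "unknown": csp.accept_outsourced("missing.jar", original),
    }


if __name__ == "__main__":
    print(demo())
```

Because the CSP holds the same key as the owner in this sketch, the tag proves the content was not altered by a client but cannot prove anything against the CSP itself.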
System Requirements
Software Requirements
  OS             :    Windows XP
  Language       :    Java
  IDE            :    NetBeans 6.9.1

Hardware Requirements
  System        :       Pentium IV 2.4 GHz
  Hard Disk     :       250 GB
  Monitor       :       15 VGA Color
  Mouse         :       Logitech
  RAM           :       1 GB
Literature survey
A major feature of the cloud services is
that users’ data are usually processed
remotely in unknown machines that users
do not own or operate.
A highly decentralized information
accountability framework keeps track of
the actual usage of the users’ data in the
cloud.
Contd..
Cloud services are delivered from data
centers located throughout the world.
Cloud computing is surrounded by many
security issues like securing data, and
examining the utilization of cloud by the
cloud computing vendors.
The boom in cloud computing has brought
lots of security challenges for the
consumers and service providers.
Contd..
Aims to identify the most vulnerable
security threats in cloud computing, which
will enable both end users and vendors to
know about the key security threats
associated with cloud computing.
The main advantage is the cost-effectiveness
of implementing the hardware
and software, and this technology can
improve the quality of the current system.
Conclusion
By verifying integrity, secure data sharing is
achieved in the cloud, so the data owner need not fear
for their content.
To strengthen user’s control
Under extensive experimental studies
Further improvement provides efficiency and
effectiveness
QUESTIONS ?
THANK YOU
